Privacy Policy
Ceph Assistant Website – Privacy Policy
The purpose of the Privacy Policy is to describe, the scope of personal data we process and the method of data processing in connection with your use of the website (‘Website’) available at https://www.cephassistant.com
CONTROLLER
Data controller: Ceph Assistant Korlátolt Felelősségű Társaság
Seat: H-1023 Budapest, Mecset utca 8. 2. em. 1.
Court registry number: 01-09-404647
Tax number: 32055102-2-41
E-mail: info@cephassistant.com
LEGAL BASIS OF PROCESSING PERSONAL DATA, SCOPE OF PERSONAL DATA COLLECTED
We rely on various legal bases in order to process your personal data:
-
In case of your consent, we process your personal data on the basis of Article 6 (1) a) of the GDPR (hereinafter referred to as ‘Consent’).
-
On the basis of Article 6 (1) b) of the GDPR, performance of the contract between us (hereinafter referred to as ‘Performance of the contract’).
-
On the basis of performance of legal obligation based on Article 6 (1) c) of the GDPR (hereinafter referred to as ‘Legal obligation’)
-
Our or third party’s legitimate interest pursuant to Article 6 (1) f) of the GDPR (hereinafter referred to as ‘Legitimate interest’).
For the following purpose, we process the following categories of personal data on the legal basis as follows:
PURPOSE OF DATA PROCESSING | CATEGORIES OF PERSONAL DATA PROCESSED | LEGAL BASIS |
|---|---|---|
Registration to use Ceph Services | Name, address, e-mail address, password, date of registration, payment information, name of your praxis | Performance of the contract, Legitimate interest |
Providing customer service | If You communicate us or submit a feedback via e-mail, your message may contain personal data such as your e-mail address, name, address. | Legitimate interest |
Invoicing | Name, address, e-mail address, VAT number | Legal obligation |
Providing newsletter | Name, e-mail address, date of subscription | Consent |
Verifiability of consent | The date of the consent | Legal obligation |
Essential cookies | Please see at ‘Cookies’ section | Legitimate interest |
Functional Cookies | Please see at ‘Cookies’ section | Consent |
-
Registration to use Ceph Services: processing your data is necessary for us to identify You as an user and to provide You with the access to the Ceph Services. The legal basis for processing your data is provided by the performance of the terms of use of the Website as a contractual legal basis and by our legitimate interest.
-
Providing customer service: Should you communicate us via e-mail, processing your data is necessary for us to identify You as an user and to respond and reply to your questions or enquiries.
-
Invoicing: The data processing process is carried out for the purpose of issuing invoices in compliance with legal regulations and fulfilling the obligation of accounting document retention.
-
Providing newsletter: the purpose of data processing is to notify You about promotions, new products, campaigns, other requests for business development purposes. We process your data based on your consent.
-
Verifiability of consent: During registration and newsletter subscription, the information system stores the data related to consent for its future proof.
We have legitimate interest and it is partially our legal obligation in gratifying the needs of our customers and their contacts, and the submitted complaints, queries, requests and communications related to the operation of our Website, the administration of individual logins and profiles. This includes, if necessary, providing your personal data to our external providers, e.g. lawyers, assisting us in responding to and resolving complaints, requests, (legal) claims and queries.
As a user of the Website, you may reasonably expect responding to your queries and settling and handling such claims requires the processing of your personal data or designating a registered partner in your complaint or claim in order for us to involve such registered partner in resolving your complaint or claim and thus settle your claim or complaint.
It is in our legitimate interest to place certain data related to the operation of the Website on your end-user device in order to operate the Website, as processing of this data and the exercise of our legitimate interest precedes your right to disposal of personal data as a user of the Website since the restriction of rights is necessary and proportionate for the basic operation of the Website. Furthermore, we are entitled to place certain data related to the operation of the Website on your end-user device for the personal use based on your consent.
If you have any further question about the legitime interest on which we rely as a legal basis for processing data, please contact us at info@cephassistant.com.
Please note that we allow users to upload and analyse anonymous X-ray images for the purposes set forth in the Terms and Conditions. As per those X-ray images may contain sensitive personal information, for instance the patient name, sex or age, we recommend you to review the X-ray images before uploading them and make sure they do not contain any information of the patient. Please note that the patient information may optionally and temporarily provided, only for generating the reports. We do not store any information of the patient.
DURATION OF THE STORAGE OF YOUR PERSONAL DATA
In accordance with data protection law, we exclusively process your personal data, until you are the user or the visitor of the Website, and until this data is necessary for us to fulfil our obligations and necessary for the purpose for which the data is collected.
-
The data processed on the basis of your consent will be processed until the withdrawal of your consent.
-
Your customer service enquiry will be preserved for one year.
-
Your complaint and the answer thereof will be preserved for three years.
-
We preserve personal data to support incidental civil claims within the limitation period for civil claims, that is the end of the fifth year.
-
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, issuing an invoice is mandatory, and according to Section 169 (2) of Act C of 2000 on Accounting (hereinafter referred to as ‘Accounting Act’), it must be retained for 8 years.
-
If administrative or judicial procedure is initiated in connection with our service, we will continue to process your personal data for the duration of such proceedings until their legally binding conclusion.
COOKIES
The cookie is a small text file, which is stored on your computer or mobile device. We use cookies strictly necessary for technical purposes, and to enable you to use the Webiste. Cookies may be used later to customize the website based on the user’s choice and interests. A common type of cookie is the „session cookie”.
When you sign in on our website the system sends session cookies between your device and the server in order to gather information. For more information about the operation of the cookies, please visit the following webpage: www.allaboutcookies.org.
We also use local storage objects supported by your browser (local storage and session storage) in order to store data necessary for the operation of the website on your device.
We only use essential and functional cookies. Essential cookies or settings strictly necessary for the operation of the website: without essential cookies the website will not operate at all or as intended, and these cookies are necessary to run the website or to save settings you have made on the website. These cookies may only apply to operations such as language, text size and privacy preferences. These cookies cannot be disabled, and they are usually set based on your permission on the website. If you block these cookies as a user, the website will not operate properly. We use essential cookies in line with Article 6(1)(f) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on electronic commerce, in order to provide the service.
Functionality cookies are used to enhance the performance of our website as without them certain functions of the website may not be available. However, they are not vital for a website to run, but they allow to remember important information and user’s preferences. Information can include login data, region, language, and enhanced content. Remembering such information allows our website to personalize the experience for the users. All of this happens, if a user decides to give its consent and opt-in to cookie tracking. Nevertheless, they can be either first-party, third-party, persistent, or session cookies. But they are completely anonymous. We use functional cookies in line with Article 6(1)(a) of the GDPR.
We use the following cookies in our Website:
NAME | PURPOSE | EXPIRY | PROVIDER |
|---|---|---|---|
XSRF-TOKEN | Used for security reasons | Session | Essential |
hs | Used for security reasons | Session | Essential |
svSession | Used in connection with user login | 12 months | Essential |
SSR-caching | Used to indicate the system from which the site was rendered | 1 minute | Essential |
_wixCIDX | Used for system monitoring/debugging | 3 months | Essential |
_wix_browser_sess | Used for system monitoring/debugging | Session | Essential |
consent-policy | Used for cookie banner parameters | 12 months | Essential |
smSession | Used to identify logged in site members | Session | Essential |
TS* | Used for security and anti-fraud reasons | Session | Essential |
bSession | Used for system effectiveness measurement | 30 minutes | Essential |
fedops.logger.X | Used for stability / effectiveness measurement | 12 months | Essential |
wixLanguage | Used on multilingual websites to save user language preference | 12 months | Functional |
We use the following when providing our service:
NAME | STORED DATA | PURPOSE | EXPIRY | PROVIDER |
|---|---|---|---|---|
accessToken | User session | This cookie is used for the log in procedure | - | - |
refreshToken | User session | This cookie is used for the log in procedure | - | - |
user | name, e-mail address | User data function | - | - |
anonId | No data about user | Performance analysis, debugging | End of browser session | Sentry.io |
__stripe_mid | No data about user | Performance analysis, debugging | 1 year | Sentry.io |
__stripe_sid | No data about user | Performance analysis, debugging | 1 year | Sentry.io |
gsID | No data about user | Performance analysis, debugging | End of browser session | Sentry.io |
session | No data about user | Performance analysis, debugging | 1 day | Sentry.io |
_ga | No data about user | Performance analysis, debugging | 1 day | Sentry.io |
The following links explain how to access cookie settings and delete cookies in various browsers:
-
Firefox: https://support.mozilla.com/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=Enabling+and+disabling+cookies&redirectlocale=en-US; https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer;
-
Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d;
-
Google Chrome: https://support.google.com/chrome/answer/95647;
-
Safari (OS X): https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac;
-
Safari (iOS): https://support.apple.com/en-us/HT201265;
-
Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en&oco=0
RECIPIENT(S) OF DATA TRANSFER
Your personal data may only be accessed on a ‘need-to-know basis’s by our authorized employees and by our service provider business partners’ employees.
We transfer your personal data for the purposes concerned to the following recipients and categories of recipients:
-
Processors: we may transfer your personal data to certain third parties, whether affiliated or independent, in order to process the data on our behalf in accordance with instructions and for the purpose of the processing. These processors are contractually obliged to implement appropriate technical and organizational measures to protect the personal data and to process the personal data only in accordance with the instructions.
Your personal data is accessed on a ‘need-to-know basis’s by the following service providers in connection with their following activities:
PROCESSOR | SEAT | ACTIVITY |
|---|---|---|
Stripe, Inc. | 510 Townsend St, San Francisco, CA 94103, USA | Payment provider |
SendGrid Inc. | 1801 California St.
Denver, CO 80202
USA
| Providing automated e-mails |
Billingo Technologies Zártkörűen Működő Részvénytársaság | H-1133 Budapest, Árbóc utca 6. | Invoicing |
ADÓKA Gazdasági Tanácsadó és Könyvelői Betéti Társaság | H-1111 Budapest, Bartók Béla út 18. 5. em. 2. ajtó | Invoicing |
Microsoft Corporation, Azure Cloud Services | One Microsoft Way, Redmond, WA 98052, USA | Server hosting |
Stripe Inc. – Data processing regarding online payments
The payment service provider, in accordance with the contract concluded with the Ceph Assistant, participates in the execution of online payments, during which data transmission occurs to the online payment service provider during the purchase process. In this process, the online payment service provider handles the relevant billing name, address and the time of the purchase according to its own data processing rules.
The purpose of the data transmission is to provide the transaction data necessary for the payment operation initiated by the online payment service provider related to the purchase.
The legal basis for data transmission set out in Article 6(1)(b) of the GDPR, the performance of the contract between the User and Ceph Assistant, which includes the payment by the User. In case of online payments, the data transmission specified in this section is necessary for the payment.
SendGrid Inc. – Data processing regarding newsletters and automated letters
The data processor, in accordance with the contract concluded with the Ceph Assistant, participates in sending newsletters and automated letters to the Users. In this process, the data processor handles the name and email address of the Users to the extent necessary for the abovementioned purposes.
Billingo Technologies Zrt. – Data processing regarding invoicing
The data processor, based on the agreement with Ceph Assistant, participates in the record-keeping of accounting documents. In this context, the data processor handles the name and address of the data subject to the extent necessary for accounting records, in accordance with Section 169 (2) of the Accounting Act, for the specified period, after which it is deleted.
Contabo GmbH – Data processing regarding server hosting
The data processor, based on the agreement with Ceph Assistant, performs the storage of personal data. The data processor is not authorized to access personal data.
ADÓKA Gazdasági Tanácsadó és Könyvelői Bt. – Data processing regarding accounting purposes
The data processor, based on the agreement with Ceph Assistant, participates in the bookkeeping of accounting documents. In this process, the data processor handles the name and address of the User to the extent necessary for accounting records, in accordance with Section 169 (2) of the Accounting Act, for the appropriate period, and immediately deletes it thereafter.
Third parties: various organizations, whether affiliated or independent, determining the purposes and means of the processing of personal data, either individually or jointly with others. For example, Hungarian lawyers, auditors, and other authorities.
INTERNATIONAL DATA TRANSFERS
We process your personal data in accordance with Hungarian data protection laws and transfer the data within the European Economic Area (‘EEA’) and outside the EEA to the United States. If we transfer your personal data outside the EEA, we take appropriate measures to ensure that your personal data is adequately protected, regardless of the country to which the data is transferred, in compliance with our legal obligations. Such a measure might be an EU Commission decision on data protection compliance or, for example, requiring and obtaining contractual commitment from any third party with access to personal data that ensures that your personal data receives at least the same protection as within the EEA. We provide a copy of the guarantees on request regarding personal data transferred outside the EEA, or if you need further information on these measures, please contact us at info@cephassistant.hu.
YOUR RIGHTS
You have the following rights in relation to our data processing:
-
Right to information: We will take appropriate measures to provide you with the information on the processing of your personal data in accordance with Articles 13 and 14 of the GDPR and to provide you with the information in accordance with Articles 15 to 22 and 34 of the GDPR. You can request information about the processing of your personal data by Ceph Assistant by sending an email to info@cephassistant.com.
-
Right to access: you have the right to receive feedback on whether your personal data is being processed and, if such processing is ongoing, you also have the right to access your personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the period for which the personal data are stored; the rights that the data subject may exercise (rectification, erasure, objection, restriction of processing); the right to lodge a complaint with a supervisory authority; information on the data sources and the fact of automated decision-making.
-
Right to rectification: you have the right to have inaccurate personal data concerning you corrected or to request that incomplete personal data be completed. If you are unable to carry out these operations independently, you may request us to carry out these corrections by writing to us to info@cephassistant.com.
-
Right to erasure: If you request it, we will erase personal data relating to you within 30 days of receipt of the request, if you request it on the grounds set out in Article 17(1) of the GDPR (e.g. the purpose of the processing has ceased; the data subject has withdrawn his or her consent and there is no other legal basis for the processing; the processing is unlawful; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data must be erased on the basis of a legal obligation). Where there are grounds under Article 17(3) of the GDPR (e.g. processing is necessary for the exercise of the right to freedom of expression and information or for compliance with a legal obligation or for the establishment or defence of legal claims), we are entitled to refuse your request for erasure.
-
Right to restriction of processing: if You contest the accuracy of personal data relating to you, you may request that we restrict the processing of your personal data while we verify its accuracy. You may also request restriction of processing if the processing is unlawful but you object to the deletion of the personal data or if Ceph Assistant no longer needs the personal data for processing but You require it to exercise your legal rights. You also have the right to request the restriction of processing if you have objected to the processing; in this case, the restriction will apply for the period of time it takes to determine whether Ceph Assistant’s legitimate grounds override your legitimate grounds. During the restriction period, personal data may be processed, except for storage, only in exceptional cases.
-
Right to data portability: you have the right to obtain from Localme personal data concerning you in a structured, commonly used, machine-readable format and to have such data transmitted by you or, where technically feasible, by Localme to another controller, where the processing is based on consent or a contract and the processing is carried out by automated means.
-
Right to object: You are entitled to object against processing your personal data at any time, for reasons related to your special situation; in this case it may be required from us to stop processing your personal data. Should you have the right to object, and you exercise it, your personal data will no longer be processed for such purposes. There is not any cost for exercising this right. You are not entitled to object, in particular if processing your personal data is necessary for pre-contractual steps or for the performance of an already signed contract.
-
Right to complain: You can submit a complaint to the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., phone number: +36-1-391-1400, e-mail: ügyfelszolgalat@naih.hu). Please note that pursuant to Article 37 of the GDPR, Ceph Assistant is not obliged to appoint a data controlling officer. Accordingly, further information on data protection may be available by reaching-out with Ceph Assistant directly through info@cephassistant.com.
METHOD OF DATA PROCESSING, DATA TRANSFER, DATA SECURITY
We will not disclose your data to the public or to third parties without your prior written consent, unless we are required to do so by a court or administrative decision or by law, or if we disclose all or part of the performance of the activity to a third party.
Ceph Assistant shall not be liable to You or to any third party for any inaccuracy, misrepresentation, or omission of any personal data provided by You, unless we are required by law to verify the personal data. If any third party makes a claim against us in relation to the inaccuracy of the personal data provided, You will be responsible for satisfying that claim on behalf of Ceph Assistant. By providing us with your contact details, you also accept responsibility for ensuring that you are the only person communicating with us or using any services from the email address or telephone number you provide. Data subject is responsible for providing real and accurate information.
We do not provide information society services directly to children. The consent of children under the age of 16 to the processing of personal data is only lawful if the consent has been given or authorised by the person having parental authority over the child. The person giving the consent warrants that the consent complies with the above legal condition. If we become aware that consent to processing under the above provisions is unlawful, we will take immediate action to delete the personal data unless we have another legal basis for processing it.
Ceph Assistant will not transfer personal data of data subjects to third countries or international organisations. Ceph Assistant is not responsible for the disclosure, transmission, processing, sharing of personal data by users to third countries, which the users themselves have done of their own free will.
Ceph Assistant shall take all security, technical and organisational measures appropriate to the state of the art and the cost of implementation, to the nature, scope, context and purposes of the processing and to the risk to the rights and freedoms of natural persons, in order to ensure the security of the data, to provide an adequate level of protection against unauthorised access, alteration, disclosure, deletion or destruction, accidental destruction or accidental damage and against possible loss of access.